
Antivirus 2008



Posted

One XPPro workstn was infected by the antivirus 2008 trojan, which I have

managed to clean.

One problem remains: I cannot browse any server (2003) shares via network

places or explorer, although all mapped drives are accessible.

When I try to browse to the server, - '\\our_srv\' only one share is shown -

'userdata' - and this appears as an empty folder.

 

I know that the trojan affects the local policies, which I've reset, but

cannot find anything that would cause the above.

 

Any help, suggestions, guidance would be gratefully received.

 

P.S. I'm not sure if this is the correct ng. Hope it is.

Posted

Re: Antivirus 2008

 

I've had two clients get infected with this and though I tried mightily I

never did get them clean. I had to wipe and reload both workstations.

 

 

"Alan C" <nospam@noisp.com> wrote in message

news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

> One XPPro workstn was infected by the antivirus 2008 trojan, which I have

> managed to clean.

> One problem remains: I cannot browse any server (2003) shares via network

> places or explorer, although all mapped drives are accessible.

> When I try to browse to the server, - '\\our_srv\' only one share is

> shown - 'userdata' - and this appears as an empty folder.

>

> I know that the trojan affects the local policies, which I've reset, but

> cannot find anything that would cause the above.

>

> Any help, suggestions, guidance would be gratefully received.

>

> P.S. I'm not sure if this is the correct ng. Hope it is.

Posted

Re: Antivirus 2008

 

Please read the original post!!!!!!

 

I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know

why network browsing stopped working and how to restore it.

 

 

"dan" <dan(remove)@westerveltconsulting.com> wrote in message

news:ul%23%23b4BEJHA.4720@TK2MSFTNGP02.phx.gbl...

> I've had two clients get infected with this and though I tried mightily I

> never did get them clean. I had to wipe and reload both workstations.

>

>

> "Alan C" <nospam@noisp.com> wrote in message

> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>> One XPPro workstn was infected by the antivirus 2008 trojan, which I have

>> managed to clean.

>> One problem remains: I cannot browse any server (2003) shares via network

>> places or explorer, although all mapped drives are accessible.

>> When I try to browse to the server, - '\\our_srv\' only one share is

>> shown - 'userdata' - and this appears as an empty folder.

>>

>> I know that the trojan affects the local policies, which I've reset, but

>> cannot find anything that would cause the above.

>>

>> Any help, suggestions, guidance would be gratefully received.

>>

>> P.S. I'm not sure if this is the correct ng. Hope it is.

>

>

Guest Peter Foldes
Posted

Re: Antivirus 2008

 

And he answered you correctly.

 

******** I had to wipe and reload both workstations*************

 

--

Peter

 

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

 

"Alan C" <nospam@noisp.com> wrote in message news:OiQyAnEEJHA.3940@TK2MSFTNGP04.phx.gbl...

> Please read the original post!!!!!!

>

> I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know

> why network browsing stopped working and how to restore it.

>

>

> "dan" <dan(remove)@westerveltconsulting.com> wrote in message

> news:ul%23%23b4BEJHA.4720@TK2MSFTNGP02.phx.gbl...

>> I've had two clients get infected with this and though I tried mightily I

>> never did get them clean. I had to wipe and reload both workstations.

>>

>>

>> "Alan C" <nospam@noisp.com> wrote in message

>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I have

>>> managed to clean.

>>> One problem remains: I cannot browse any server (2003) shares via network

>>> places or explorer, although all mapped drives are accessible.

>>> When I try to browse to the server, - '\\our_srv\' only one share is

>>> shown - 'userdata' - and this appears as an empty folder.

>>>

>>> I know that the trojan affects the local policies, which I've reset, but

>>> cannot find anything that would cause the above.

>>>

>>> Any help, suggestions, guidance would be gratefully received.

>>>

>>> P.S. I'm not sure if this is the correct ng. Hope it is.

>>

>>

>

Posted

Re: Antivirus 2008

 

For information and enlightenment:

 

I fixed the problem, it turned out to be a winsock corruption.

 

reinstalling tcp was the answer.

 

"Alan C" <nospam@noisp.com> wrote in message

news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

> One XPPro workstn was infected by the antivirus 2008 trojan, which I have

> managed to clean.

> One problem remains: I cannot browse any server (2003) shares via network

> places or explorer, although all mapped drives are accessible.

> When I try to browse to the server, - '\\our_srv\' only one share is

> shown - 'userdata' - and this appears as an empty folder.

>

> I know that the trojan affects the local policies, which I've reset, but

> cannot find anything that would cause the above.

>

> Any help, suggestions, guidance would be gratefully received.

>

> P.S. I'm not sure if this is the correct ng. Hope it is.

Guest Hank Arnold (MVP)
Posted

Re: Antivirus 2008

 

Obviously, you haven't. Removing a virus/malware program isn't

"successful" just because a removal program says it was and you don't

get any error messages. You still have consequences of the infection and

that means you were *NOT* successful.

 

What "dan" said is that he wasn't able to restore the systems to full

functionality until he did a clean install. For many of us, that is all

too often the only way to be sure.

 

--

 

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

 

Alan C wrote:

> Please read the original post!!!!!!

>

> I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know

> why network browsing stopped working and how to restore it.

>

>

> "dan" <dan(remove)@westerveltconsulting.com> wrote in message

> news:ul%23%23b4BEJHA.4720@TK2MSFTNGP02.phx.gbl...

>> I've had two clients get infected with this and though I tried

>> mightily I never did get them clean. I had to wipe and reload both

>> workstations.

>>

>>

>> "Alan C" <nospam@noisp.com> wrote in message

>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I

>>> have managed to clean.

>>> One problem remains: I cannot browse any server (2003) shares via

>>> network places or explorer, although all mapped drives are accessible.

>>> When I try to browse to the server, - '\\our_srv\' only one share is

>>> shown - 'userdata' - and this appears as an empty folder.

>>>

>>> I know that the trojan affects the local policies, which I've reset,

>>> but cannot find anything that would cause the above.

>>>

>>> Any help, suggestions, guidance would be gratefully received.

>>>

>>> P.S. I'm not sure if this is the correct ng. Hope it is.

>>

>>

>

Guest Kerry Brown
Posted

Re: Antivirus 2008

 

You still don't seem to understand what everyone has been trying to tell

you. Once a system has been infected there is no way of knowing if it has

been cleaned/repaired except doing a full format and rebuild. You have been

able to fix the symptoms that you noticed. There may still be other left

over problems or the computer may still be infected.

 

--

Kerry Brown

MS-MVP - Windows Desktop Experience: Systems Administration

http://www.vistahelp.ca/phpBB2/

http://vistahelpca.blogspot.com/

 

 

"Alan C" <nospam@noisp.com> wrote in message

news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...

> For information and enlightenment:

>

> I fixed the problem, it turned out to be a winsock corruption.

>

> reinstalling tcp was the answer.

>

> "Alan C" <nospam@noisp.com> wrote in message

> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>> One XPPro workstn was infected by the antivirus 2008 trojan, which I have

>> managed to clean.

>> One problem remains: I cannot browse any server (2003) shares via network

>> places or explorer, although all mapped drives are accessible.

>> When I try to browse to the server, - '\\our_srv\' only one share is

>> shown - 'userdata' - and this appears as an empty folder.

>>

>> I know that the trojan affects the local policies, which I've reset, but

>> cannot find anything that would cause the above.

>>

>> Any help, suggestions, guidance would be gratefully received.

>>

>> P.S. I'm not sure if this is the correct ng. Hope it is.

>

Posted

Re: Antivirus 2008

 

You don't seem to understand that I know what I am doing, having started in

IT in the mid 1970's. Admittedly there is still a learning curve as OS's,

etc, evolve, hence my questions to these ng's.

 

And I don't appreciate the patronizing attitude of some posters.

 

The pc in question is now clean.

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...

> You still don't seem to understand what everyone has been trying to tell

> you. Once a system has been infected there is no way of knowing if it has

> been cleaned/repaired except doing a full format and rebuild. You have

> been able to fix the symptoms that you noticed. There may still be other

> left over problems or the computer may still be infected.

>

> --

> Kerry Brown

> MS-MVP - Windows Desktop Experience: Systems Administration

> http://www.vistahelp.ca/phpBB2/

> http://vistahelpca.blogspot.com/

>

>

> "Alan C" <nospam@noisp.com> wrote in message

> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...

>> For information and enlightenment:

>>

>> I fixed the problem, it turned out to be a winsock corruption.

>>

>> reinstalling tcp was the answer.

>>

>> "Alan C" <nospam@noisp.com> wrote in message

>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I

>>> have managed to clean.

>>> One problem remains: I cannot browse any server (2003) shares via

>>> network places or explorer, although all mapped drives are accessible.

>>> When I try to browse to the server, - '\\our_srv\' only one share is

>>> shown - 'userdata' - and this appears as an empty folder.

>>>

>>> I know that the trojan affects the local policies, which I've reset, but

>>> cannot find anything that would cause the above.

>>>

>>> Any help, suggestions, guidance would be gratefully received.

>>>

>>> P.S. I'm not sure if this is the correct ng. Hope it is.

>>

>

Guest Kerry Brown
Posted

Re: Antivirus 2008

 

I'm sorry if you think I was patronizing. I also started in IT in the 70's,

although I don't know what this has to do with the conversation. At the very

least my experience has taught me that there are many different points of

view regarding computer security and that my view may differ from others. I

have learned that I need to be open to other points of view. There is no one

right answer when it comes to computer security. These newsgroups are read

by many thousands of people who may not have your experience and knowledge.

Many people will find these posts through a search engine. They need to know

that even though an anti-malware program may seem to remove some malware the

possibility exists that the computer is not "clean".

 

Once a computer is owned by someone else (infected) the only way to be 100%

certain the infection is gone is to flatten and rebuild the system from

known good media. This could mean starting from scratch or restoring from a

known good backup. A good part of my business is dealing with malware

infections. I have learned that an infected system can be repaired but not

definitively cleaned by any other method. It is up to you to decide

how much of a risk this is. As you posted this in a server newsgroup I

assume the computer in question is part of a network. If this is the case

then by cleaning an infected computer you are taking a chance that the

computer may not be fully cleaned and may compromise the network. Balancing

the time and resources used between mitigating that risk and fixing the

infected computer is a decision only you can make. For me, if the computer

is part of a network that a business relies on, the best way to fix a

malware infection is to flatten the computer and restore a clean image.

There shouldn't be any important data on the computer so this is a quick and

easy fix. If the computer is not part of a network, or good network policies

have not been implemented, then other solutions may work better. I am

sometimes called in to fix things when something goes wrong due to good

network policies not being implemented. Like you, I sometimes resort to

cleaning an infected system as the customer does not want to pay for the

proper fix, which is not quick and easy because there is no image available

and company data is not stored on a server. This doesn't mean this is the

best solution or that I don't inform the customer of the potential risks of

this solution. The important thing to understand is that it is a compromise

and not the best solution.

 

--

Kerry Brown

MS-MVP - Windows Desktop Experience: Systems Administration

http://www.vistahelp.ca/phpBB2/

http://vistahelpca.blogspot.com/

 

 

"Alan C" <nospam@noisp.com> wrote in message

news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...

> You don't seem to understand that I know what I am doing, having started

> in IT in the mid 1970's. Admittedly there is still a learning curve as

> OS's, etc, evolve, hence my questions to these ng's.

>

> And I don't appreciate the patronizing attitude of some posters.

>

> The pc in question is now clean.

> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...

>> You still don't seem to understand what everyone has been trying to tell

>> you. Once a system has been infected there is no way of knowing if it has

>> been cleaned/repaired except doing a full format and rebuild. You have

>> been able to fix the symptoms that you noticed. There may still be other

>> left over problems or the computer may still be infected.

>>

>> --

>> Kerry Brown

>> MS-MVP - Windows Desktop Experience: Systems Administration

>> http://www.vistahelp.ca/phpBB2/

>> http://vistahelpca.blogspot.com/

>>

>>

>> "Alan C" <nospam@noisp.com> wrote in message

>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...

>>> For information and enlightenment:

>>>

>>> I fixed the problem, it turned out to be a winsock corruption.

>>>

>>> reinstalling tcp was the answer.

>>>

>>> "Alan C" <nospam@noisp.com> wrote in message

>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I

>>>> have managed to clean.

>>>> One problem remains: I cannot browse any server (2003) shares via

>>>> network places or explorer, although all mapped drives are accessible.

>>>> When I try to browse to the server, - '\\our_srv\' only one share is

>>>> shown - 'userdata' - and this appears as an empty folder.

>>>>

>>>> I know that the trojan affects the local policies, which I've reset,

>>>> but cannot find anything that would cause the above.

>>>>

>>>> Any help, suggestions, guidance would be gratefully received.

>>>>

>>>> P.S. I'm not sure if this is the correct ng. Hope it is.

>>>

>>

>

Posted

Re: Antivirus 2008

 

Although the pc in question is on a small network (assumption correct), it

is used by the financial controller. It therefore has software/data (e.g.

payroll) and some proprietary programs that are not on the server. The data

is safe, but flattening the pc would mean not just reinstalling the OS and

programs but booking the 3rd party guys to come and reconfigure their

software. Last time (hdd failure) this cost more than the pc was worth and

took over a week.

 

OK, special case. We all know how frequent they are. That is why I've spent

the last two days sweating blood to ensure the malware is removed fully, and

didn't just wipe it.

 

For the record, I mentioned the '70's start to illustrate my cynicism at the

obviously banal replies that are inevitable. Also wordy, 'stating the

obvious' posts can appear to be extremely patronizing, even when not

intended.

 

I use these ng's for clues and ideas, not necessarily for cures. Rant over.

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

news:O51R2gQEJHA.1272@TK2MSFTNGP02.phx.gbl...

> I'm sorry if you think I was patronizing. I also started in IT in the

> 70's, although I don't know what this has to do with the conversation. At

> the very least my experience has taught me that there are many different

> points of view regarding computer security and that my view may differ

> from others. I have learned that I need to be open to other points of

> view. There is no one right answer when it comes to computer security.

> These newsgroups are read by many thousands of people who may not have

> your experience and knowledge. Many people will find these posts through a

> search engine. They need to know that even though an anti-malware program

> may seem to remove some malware the possibility exists that the computer

> is not "clean".

>

> Once a computer is owned by someone else (infected) the only way to be

> 100% certain the infection is gone is to flatten and rebuild the system

> from known good media. This could mean starting from scratch or restoring

> from a known good backup. A good part of my business is dealing with

> malware infections. I have learned that an infected system can be repaired

> but not definitively cleaned by any other other method. It is up to you to

> decide how much of a risk this is. As you posted this in a server

> newsgroup I assume the computer in question is part of a network. If this

> is the case then by cleaning an infected computer you are taking a chance

> that the computer may not be fully cleaned and may compromise the network.

> Balancing the time and resources used between mitigating that risk and

> fixing the infected computer is a decision only you can make. For me, if

> the computer is part of a network that a business relies on, the best way

> to fix a malware infection is to flatten the computer and restore a clean

> image. There shouldn't be any important data on the computer so this is a

> quick and easy fix. If the computer is not part of a network, or good

> network policies have not been implemented, then other solutions may work

> better. I am sometimes called in to fix things when something goes wrong

> due to good network policies not being implemented. Like you, I sometimes

> resort to cleaning an infected system as the customer does not want to pay

> for the proper fix, which is not quick and easy because there is no image

> available and company data is not stored on a server. This doesn't mean

> this is the best solution or that I don't inform the customer of the

> potential risks of this solution. The important thing to understand is

> that is is a compromise and not the best solution.

>

> --

> Kerry Brown

> MS-MVP - Windows Desktop Experience: Systems Administration

> http://www.vistahelp.ca/phpBB2/

> http://vistahelpca.blogspot.com/

>

>

> "Alan C" <nospam@noisp.com> wrote in message

> news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...

>> You don't seem to understand that I know what I am doing, having started

>> in IT in the mid 1970's. Admittedly there is still a learning curve as

>> OS's, etc, evolve, hence my questions to these ng's.

>>

>> And I don't appreciate the patronizing attitude of some posters.

>>

>> The pc in question is now clean.

>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

>> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...

>>> You still don't seem to understand what everyone has been trying to tell

>>> you. Once a system has been infected there is no way of knowing if it

>>> has been cleaned/repaired except doing a full format and rebuild. You

>>> have been able to fix the symptoms that you noticed. There may still be

>>> other left over problems or the computer may still be infected.

>>>

>>> --

>>> Kerry Brown

>>> MS-MVP - Windows Desktop Experience: Systems Administration

>>> http://www.vistahelp.ca/phpBB2/

>>> http://vistahelpca.blogspot.com/

>>>

>>>

>>> "Alan C" <nospam@noisp.com> wrote in message

>>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...

>>>> For information and enlightenment:

>>>>

>>>> I fixed the problem, it turned out to be a winsock corruption.

>>>>

>>>> reinstalling tcp was the answer.

>>>>

>>>> "Alan C" <nospam@noisp.com> wrote in message

>>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I

>>>>> have managed to clean.

>>>>> One problem remains: I cannot browse any server (2003) shares via

>>>>> network places or explorer, although all mapped drives are accessible.

>>>>> When I try to browse to the server, - '\\our_srv\' only one share is

>>>>> shown - 'userdata' - and this appears as an empty folder.

>>>>>

>>>>> I know that the trojan affects the local policies, which I've reset,

>>>>> but cannot find anything that would cause the above.

>>>>>

>>>>> Any help, suggestions, guidance would be gratefully received.

>>>>>

>>>>> P.S. I'm not sure if this is the correct ng. Hope it is.

>>>>

>>>

>>

>

Posted

Re: Antivirus 2008

 

Sounds to me like a good backup is required!!

 

 

"Alan C" <nospam@noisp.com> wrote in message

news:%23GXZffREJHA.4040@TK2MSFTNGP02.phx.gbl...

> Although the pc in question is a on a small network(assumption correct), it

> is used by the financial controller. It therefore has software/data (e.g.

> payroll) and some proprietary programs that are not on the server. The data

> is safe, but flattening the pc would mean not just reinstalling the OS and

> programs but booking the 3rd party guys to come and reconfigure their

> software. Last time (hdd failure) this cost more than the pc was worth and

> took over a week.

>

> OK, special case. We all know how frequent they are. That is why I've spent

> the last two days sweating blood to ensure the malware is removed fully, and

> didn't just wipe it.

>

> For the record, I mentioned the '70's start to illustrate my cynicism at the

> obviously banal replies that are inevitable. Also wordy, 'stating the

> obvious' posts can appear to be extremely patronizing, even when not

> intended.

>

> I use these ng's for clues and ideas, not necessarily for cures. Rant over.

> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

> news:O51R2gQEJHA.1272@TK2MSFTNGP02.phx.gbl...

> > I'm sorry if you think I was patronizing. I also started in IT in the

> > 70's, although I don't know what this has to do with the conversation. At

> > the very least my experience has taught me that there are many different

> > points of view regarding computer security and that my view may differ

> > from others. I have learned that I need to be open to other points of

> > view. There is no one right answer when it comes to computer security.

> > These newsgroups are read by many thousands of people who may not have

> > your experience and knowledge. Many people will find these posts through a

> > search engine. They need to know that even though an anti-malware program

> > may seem to remove some malware the possibility exists that the computer

> > is not "clean".

> >

> > Once a computer is owned by someone else (infected) the only way to be

> > 100% certain the infection is gone is to flatten and rebuild the system

> > from known good media. This could mean starting from scratch or restoring

> > from a known good backup. A good part of my business is dealing with

> > malware infections. I have learned that an infected system can be repaired

> > but not definitively cleaned by any other other method. It is up to you to

> > decide how much of a risk this is. As you posted this in a server

> > newsgroup I assume the computer in question is part of a network. If this

> > is the case then by cleaning an infected computer you are taking a chance

> > that the computer may not be fully cleaned and may compromise the network.

> > Balancing the time and resources used between mitigating that risk and

> > fixing the infected computer is a decision only you can make. For me, if

> > the computer is part of a network that a business relies on, the best way

> > to fix a malware infection is to flatten the computer and restore a clean

> > image. There shouldn't be any important data on the computer so this is a

> > quick and easy fix. If the computer is not part of a network, or good

> > network policies have not been implemented, then other solutions may work

> > better. I am sometimes called in to fix things when something goes wrong

> > due to good network policies not being implemented. Like you, I sometimes

> > resort to cleaning an infected system as the customer does not want to pay

> > for the proper fix, which is not quick and easy because there is no image

> > available and company data is not stored on a server. This doesn't mean

> > this is the best solution or that I don't inform the customer of the

> > potential risks of this solution. The important thing to understand is

> > that is is a compromise and not the best solution.

> >

> > --

> > Kerry Brown

> > MS-MVP - Windows Desktop Experience: Systems Administration

> > http://www.vistahelp.ca/phpBB2/

> > http://vistahelpca.blogspot.com/

> >

> >

> > "Alan C" <nospam@noisp.com> wrote in message

> > news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...

> >> You don't seem to understand that I know what I am doing, having started

> >> in IT in the mid 1970's. Admittedly there is still a learning curve as

> >> OS's, etc, evolve, hence my questions to these ng's.

> >>

> >> And I don't appreciate the patronizing attitude of some posters.

> >>

> >> The pc in question is now clean.

> >> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

> >> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...

> >>> You still don't seem to understand what everyone has been trying to tell

> >>> you. Once a system has been infected there is no way of knowing if it

> >>> has been cleaned/repaired except doing a full format and rebuild. You

> >>> have been able to fix the symptoms that you noticed. There may still be

> >>> other left over problems or the computer may still be infected.

> >>>

> >>> --

> >>> Kerry Brown

> >>> MS-MVP - Windows Desktop Experience: Systems Administration

> >>> http://www.vistahelp.ca/phpBB2/

> >>> http://vistahelpca.blogspot.com/

> >>>

> >>>

> >>> "Alan C" <nospam@noisp.com> wrote in message

> >>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...

> >>>> For information and enlightenment:

> >>>>

> >>>> I fixed the problem, it turned out to be a winsock corruption.

> >>>>

> >>>> reinstalling tcp was the answer.

> >>>>

> >>>> "Alan C" <nospam@noisp.com> wrote in message

> >>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

> >>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which I

> >>>>> have managed to clean.

> >>>>> One problem remains: I cannot browse any server (2003) shares via

> >>>>> network places or explorer, although all mapped drives are accessible.

> >>>>> When I try to browse to the server, - '\\our_srv\' only one share is

> >>>>> shown - 'userdata' - and this appears as an empty folder.

> >>>>>

> >>>>> I know that the trojan affects the local policies, which I've reset,

> >>>>> but cannot find anything that would cause the above.

> >>>>>

> >>>>> Any help, suggestions, guidance would be gratefully received.

> >>>>>

> >>>>> P.S. I'm not sure if this is the correct ng. Hope it is.

> >>>>

> >>>

> >>

> >

>

Guest Hank Arnold (MVP)
Posted

Re: Antivirus 2008

 

I don't think any of us were patronizing. There was no information

indicating your skill level. Almost 100% of postings like yours are not

by experienced IT folks like us.

 

I'll be honest with you, in your situation, considering the fact that

this is a network *AND* used by a finance controller, I would still have

recommended a clean rebuild. Since you have the original hard drive

working, the time to rebuild should still be less than a week. If the

"customer" can't do without it for any length of time I would suggest

perhaps a parallel build and replace the system when ready.

 

It's your network and you are, obviously, very familiar with it. Bottom

line is that you are "the boss" and you seem to know what you are doing.

 

As another suggested, since this is the second time the affected system

has caused significant loss of time (and data?), I would urge in the

strongest terms that you insist on a rigorous backup strategy for this

computer.....

 

--

 

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

 

Alan C wrote:

> Although the pc in question is a on a small network(assumption correct),

> it is used by the financial controller. It therefore has software/data

> (e.g. payroll) and some proprietary programs that are not on the server.

> The data is safe, but flattening the pc would mean not just reinstalling

> the OS and programs but booking the 3rd party guys to come and

> reconfigure their software. Last time (hdd failure) this cost more than

> the pc was worth and took over a week.

>

> OK, special case. We all know how frequent they are. That is why I've

> spent the last two days sweating blood to ensure the malware is removed

> fully, and didn't just wipe it.

>

> For the record, I mentioned the '70's start to illustrate my cynicism at

> the obviously banal replies that are inevitable. Also wordy, 'stating

> the obvious' posts can appear to be extremely patronizing, even when not

> intended.

>

> I use these ng's for clues and ideas, not necessarily for cures. Rant over.

> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

> news:O51R2gQEJHA.1272@TK2MSFTNGP02.phx.gbl...

>> I'm sorry if you think I was patronizing. I also started in IT in the

>> 70's, although I don't know what this has to do with the conversation.

>> At the very least my experience has taught me that there are many

>> different points of view regarding computer security and that my view

>> may differ from others. I have learned that I need to be open to other

>> points of view. There is no one right answer when it comes to computer

>> security. These newsgroups are read by many thousands of people who

>> may not have your experience and knowledge. Many people will find

>> these posts through a search engine. They need to know that even

>> though an anti-malware program may seem to remove some malware the

>> possibility exists that the computer is not "clean".

>>

>> Once a computer is owned by someone else (infected) the only way to be

>> 100% certain the infection is gone is to flatten and rebuild the

>> system from known good media. This could mean starting from scratch or

>> restoring from a known good backup. A good part of my business is

>> dealing with malware infections. I have learned that an infected

>> system can be repaired but not definitively cleaned by any other other

>> method. It is up to you to decide how much of a risk this is. As you

>> posted this in a server newsgroup I assume the computer in question is

>> part of a network. If this is the case then by cleaning an infected

>> computer you are taking a chance that the computer may not be fully

>> cleaned and may compromise the network. Balancing the time and

>> resources used between mitigating that risk and fixing the infected

>> computer is a decision only you can make. For me, if the computer is

>> part of a network that a business relies on, the best way to fix a

>> malware infection is to flatten the computer and restore a clean

>> image. There shouldn't be any important data on the computer so this

>> is a quick and easy fix. If the computer is not part of a network, or

>> good network policies have not been implemented, then other solutions

>> may work better. I am sometimes called in to fix things when something

>> goes wrong due to good network policies not being implemented. Like

>> you, I sometimes resort to cleaning an infected system as the customer

>> does not want to pay for the proper fix, which is not quick and easy

>> because there is no image available and company data is not stored on

>> a server. This doesn't mean this is the best solution or that I don't

>> inform the customer of the potential risks of this solution. The

>> important thing to understand is that is is a compromise and not the

>> best solution.

>>

>> --

>> Kerry Brown

>> MS-MVP - Windows Desktop Experience: Systems Administration

>> http://www.vistahelp.ca/phpBB2/

>> http://vistahelpca.blogspot.com/

>>

>>

>> "Alan C" <nospam@noisp.com> wrote in message

>> news:ua9zUAQEJHA.3604@TK2MSFTNGP06.phx.gbl...

>>> You don't seem to understand that I know what I am doing, having

>>> started in IT in the mid 1970's. Admittedly there is still a learning

>>> curve as OS's, etc, evolve, hence my questions to these ng's.

>>>

>>> And I don't appreciate the patronizing attitude of some posters.

>>>

>>> The pc in question is now clean.

>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message

>>> news:uaW$6fPEJHA.3288@TK2MSFTNGP03.phx.gbl...

>>>> You still don't seem to understand what everyone has been trying to

>>>> tell you. Once a system has been infected there is no way of knowing

>>>> if it has been cleaned/repaired except doing a full format and

>>>> rebuild. You have been able to fix the symptoms that you noticed.

>>>> There may still be other left over problems or the computer may

>>>> still be infected.

>>>>

>>>> --

>>>> Kerry Brown

>>>> MS-MVP - Windows Desktop Experience: Systems Administration

>>>> http://www.vistahelp.ca/phpBB2/

>>>> http://vistahelpca.blogspot.com/

>>>>

>>>>

>>>> "Alan C" <nospam@noisp.com> wrote in message

>>>> news:%23Zn6XNNEJHA.1456@TK2MSFTNGP03.phx.gbl...

>>>>> For information and enlightenment:

>>>>>

>>>>> I fixed the problem, it turned out to be a winsock corruption.

>>>>>

>>>>> reinstalling tcp was the answer.

>>>>>

>>>>> "Alan C" <nospam@noisp.com> wrote in message

>>>>> news:uq4O1rAEJHA.1460@TK2MSFTNGP03.phx.gbl...

>>>>>> One XPPro workstn was infected by the antivirus 2008 trojan, which

>>>>>> I have managed to clean.

>>>>>> One problem remains: I cannot browse any server (2003) shares via

>>>>>> network places or explorer, although all mapped drives are

>>>>>> accessible.

>>>>>> When I try to browse to the server, - '\\our_srv\' only one share

>>>>>> is shown - 'userdata' - and this appears as an empty folder.

>>>>>>

>>>>>> I know that the trojan affects the local policies, which I've

>>>>>> reset, but cannot find anything that would cause the above.

>>>>>>

>>>>>> Any help, suggestions, guidance would be gratefully received.

>>>>>>

>>>>>> P.S. I'm not sure if this is the correct ng. Hope it is.

>>>>>

>>>>

>>>

>>

>

